NSE4-5.4: Which election criterion used to elect primary FortiGate in HA cluster when override is enabled?

Question

Which election criterion is used to elect the primary FortiGate in a high availability (HA) cluster when override is enabled?

A. uptime > priority > port monitor > serial number
B. port monitor > uptime > priority >serial number
C. priority > port monitor >uptime >serial number
D. port monitor > priority > uptime >serial number

Answer

D. port monitor > priority > uptime >serial number

Explanation

The correct answer is D. port monitor > priority > uptime > serial number.

When override is enabled, the following criteria are used to elect the primary FortiGate in a high availability (HA) cluster:

1. Number of operational monitor interfaces. The FortiGate with the greater number of operational monitor interfaces is elected as the primary.
2. Priority. The FortiGate with the higher priority is elected as the primary.
3. HA uptime. The FortiGate with the longer HA uptime is elected as the primary.
4. Serial number. The FortiGate with the higher serial number is elected as the primary.

If multiple FortiGates in an HA cluster meet all of the above criteria, the FortiGate with the highest serial number will be elected as the primary.

Here is a more detailed explanation of each criterion:

• Number of operational monitor interfaces. A monitor interface is an interface that is configured for HA monitoring. The FortiGate with the greater number of operational monitor interfaces is elected as the primary because it is more likely to be able to maintain communication with the other FortiGate in the cluster.
• Priority. The priority is a user-configurable setting that determines the order in which FortiGates are elected as the primary in an HA cluster. The FortiGate with the higher priority is elected as the primary. The default priority for all FortiGates is 128.
• HA uptime. The HA uptime is the amount of time that the FortiGate has been in HA mode. The FortiGate with the longer HA uptime is elected as the primary because it is more likely to be stable and reliable.
• Serial number. The serial number is a unique identifier assigned to each FortiGate. The FortiGate with the higher serial number is elected as the primary if all of the other criteria are equal.

It is important to note that the override feature is not enabled by default. To enable the override feature, you must configure the HA override priority setting on each FortiGate in the cluster. The HA override priority setting overrides the default priority setting and allows you to manually specify which FortiGate should be elected as the primary.

Reference

• Technical Tip: Changing HA role in cluster – Fortinet Community
• NSE 4 Network Security Professional (fortinet.com)
• How to get Certified for Cybersecurity | Fortinet
• NSE 5 Network Security Analyst (fortinet.com)
• Technical Tip: FortiGate HA Primary unit selection… – Fortinet Community
• Technical Tip: HA Master Election Process on Forti… – Fortinet Community

Fortinet Network Security Expert – FortiOS 5.4 NSE4-5.4 certification exam practice question and answer (Q&A) dump with detail explanation and reference available free, helpful to pass the Fortinet Network Security Expert – FortiOS 5.4 NSE4-5.4 exam and earn Fortinet Network Security Expert – FortiOS 5.4 NSE4-5.4 certification.